Too Deep into A Wormhole!

Wormhole, a token bridge allowing users to seamlessly bridge wrapped assets between supported chains, has been compromised. The hack took place on the 2nd February 2022 and according to several etherscan transactions, the attacker minted 120,000 wETH on Solana then redeemed 93,750 wETH for ETH worth around $254m.

• Twitter handle @kelvinfichter provides a detailed description of how the hacker successfully exploited the wormhole protocol in a thread here.
• The official Twitter handle of wormholecrypto has since published multiple updates most notably that the vulnerability has been patched.
• The Wormhole network is currently down for maintenance as the team looks into the exploit.

• An address associated with the Wormhole team has sent an on-chain message offering the hacker a white hat agreement (they will allow the hacker to keep $10m of the funds in exchange for the safe return of the rest of the funds as well as information on how they exploited the protocol).

Vitalik Buterin, Co-Founder of Ethereum, has been fairly vocal regarding his concerns on the security of cross-chain applications in a Reddit thread shared last month:

“It’s always safer to hold Ethereum-native assets on Ethereum and Solana-native assets on Solana than it is to hold Etherum-native assets on Solana or Solana-native assets on Ethereum”.

Take this into consideration when operating cross-chain!